Certificates incorrectly imported during Enterprise Console server migration

  • ID dell'articolo: 118865
  • Aggiornato: 15 mag 2014


Issue

After migrating your Enterprise Console to a new server, all managed endpoints fail to report into the new Enterprise Console and existing Update Managers are either not listed or display the error below when attempting to view their properties.

Base64Decode returned false

First seen in

Enterprise Console 5.0.0

Cause

This is caused when the certificate store from the old server is either imported incorrectly or not imported at all.

What To Do

There are a number of different scenarios that can cause the same symptoms, each has been detailed below.  This guide assumes you have knowledge on uninstalling applications as well as using the registry.

Certificates Not Imported

If the certificates were not imported during the migration process the client devices will fail authentication when communicating with the Enterprise Console server.

  1. On the new server, uninstall the components below if they exist:
    • Sophos Management Server
    • Sophos Update Manager
    • Sophos Remote Management System
  2. On the old server, backup the certificates found in the registry using one of the below paths
    • 32-bit OS: HKLM\SOFTWARE\Sophos\Certification Manager
    • 64-bit OS: HKLM\SOFTWARE\Wow6432node\Sophos\Certification Manager
  3. If moving between a 32-bit and 64-bit platform then follow the section titled 'Certificates Not Updated For Your Platform'.
  4. On the new server import the certificates into the registry
  5. Reinstall the Enterprise Console and the problem should be solved

Certificates Imported After Installation

The order in which the certificates are imported is very important. If they are imported too late in the migration procedure, new certificates will already have been issued and assigned to various components on the server.

  1. On the new server, uninstall the components below if they exist:
    • Sophos Management Server
    • Sophos Update Manager
    • Sophos Remote Management System
  2. If moving between a 32-bit and 64-bit platform then please follow the section titled "Certificates Not Updated For Your Platform"
  3. On the new server import the certificates into the registry
  4. Reinstall the Enterprise Console and the problem should be solved

Certificates Not Updated For Your Platform

When moving from a 32-bit to 64-bit platform you need to update the registry entries to reflect Microsoft's new registry path used by 64-bit operating systems. 

  1. On the new server, uninstall the components below if they exist:
    • Sophos Management Server
    • Sophos Update Manager
    • Sophos Remote Management System
  2. On the old server, backup the certificates found in the registry using one of the below paths
    • 32-bit OS: HKLM\SOFTWARE\Sophos\Certification Manager
    • 64-bit OS: HKLM\SOFTWARE\Wow6432node\Sophos\Certification Manager
  3. Open the backed up registry key in notepad
  4. Select Edit | Replace.
  5. Complete the fields:
    • Find: \SOFTWARE\Sophos\ 
    • Replace: \SOFTWARE\Wow6432Node\Sophos\
  6. Click Replace all
  7. Using the same procedure also replace the strings below:
    • Find: C:\\Program Files\\Sophos\\Enterprise Console\\SUMInstaller and in
    • Replace: C:\\Program Files (x86)\\Sophos\\Enterprise Console\\SUMInstaller
  8. Click Replace all
  9. Save the file and close Notepad
  10. On the new server import the amended certificates into the registry
  11. Reinstall the Enterprise Console and the problem should be solved

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti